HTTP API
Almost everything Setu does is reached over MCP, not REST — the tools are the API. This page covers the raw HTTP surface underneath.
If you're integrating an assistant, you want Tools, not this page. There is exactly one REST endpoint, and it exists to feed the dashboard.
Base URL
https://api.mimanasa.onlineEndpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /mcp | The MCP endpoint. Streamable HTTP. Requires a bearer token; returns 401 with a WWW-Authenticate header pointing at the resource metadata. |
| GET | /api/stats | Your profile and send history, for the dashboard. Bearer token = a Google access token. |
| GET | /.well-known/oauth-protected-resource/mcp | RFC 9728 resource metadata. How a client discovers the authorization server. |
| GET | /.well-known/oauth-authorization-server | OAuth 2.1 server metadata: authorize, token, and registration endpoints. |
| POST | /register | Dynamic client registration. Google doesn't support DCR, so Setu proxies it — this is what makes remote MCP clients able to connect at all. |
| GET | /authorize | Starts the OAuth flow. Redirects to Google. |
| POST | /token | Exchanges an authorization code for an access token. |
| GET | /auth/callback | Where Google redirects back. Must match the URI registered in Google Cloud Console exactly. |
GET /api/stats
Read-only. The token names the user, so a caller can only ever read their own rows — there is no user ID parameter to tamper with.
Request
curl https://api.mimanasa.online/api/stats \
-H "Authorization: Bearer <google_access_token>"Response
{
"email": "you@gmail.com",
"name": "Himanshu Yadav",
"resume_link": "https://drive.google.com/file/d/…",
"total_sent": 42,
"total_failed": 1,
"sent_last_24h": 12,
"daily_limit": 80,
"companies": 38,
"recent": [
{
"to_email": "careers@acme.com",
"company": "Acme",
"subject": "Application for Backend Engineer at Acme",
"success": true,
"error": null,
"sent_at": "2026-07-15T09:22:04+00:00"
}
]
}Status codes
| 200 | OK |
| 401 | Missing, invalid, or expired bearer token |
| 404 | No such route |
Connecting a client
You shouldn't need to implement any of this by hand — an MCP client does the discovery, registration, and PKCE for you. Point it at:
https://api.mimanasa.online/mcpThe flow: the client fetches the resource metadata, registers itself at /register, sends the user to /authorize, and Setu hands off to Google. Google doesn't support dynamic client registration, which is why Setu sits in the middle as an OAuth proxy rather than pointing clients straight at Google.
Rate limits
Sending limits are per user and enforced in the server, not in the HTTP layer: 80 emails per rolling 24 hours, 25 per batch call. Over the limit, the tool returns success: false with a reason — not an HTTP error.